1. A manageable switch is not required.
The simplest way to deploy WFilter is to enable "port mirroring" in your switch/router. This pass-by filtering mode is easy to setup and does no influence to your network. Therefore it's recommended.
In case a manageable switch is unavailable, WFilter can also be deployed in "pass-through" mode. This mode needs a computer with two NICs to work as a network bridge. The deployment is a little complicated. Please check this topic for details:
Deploy WFilter in a network bridge.
2. Why some other products can enable monitoring without a manageable switch?
1). Maybe this program works in pass-through mode too.
2). Some programs have "arpspoof" integrated. When enabled, it can send arp spoof packets to make itself acting as a network bridge. This behavior can slow down your network, and it can not monitor computers with anti-arp firewalls.
3). If you already have an arpspoof tool(eg:
open source arpspoof tool, WFilter also can work with it. Please notice, the monitoring mode of WFilter shall be "by IP address". Again:
ARP Spoof is harmful to your network, use it with caution.